Microsoft Admits New SQL Server Vulnerability - 23 Dec 2008

A security vulnerability in SQL Server could allow the remote execution of code, Microsoft said Tuesday. The vulnerability affects SQL Server 2005, SQL Server 2005 Express Edition, SQL Server 2000, SQL Server 2000 Desktop Engine (MSDE 2000), SQL Server 2000 Desktop Engine (WMSDE), and Windows Internal Database (WYukon). The company says that an attacker would need to either authenticate to exploit the vulnerability or take advantage of a SQL injection vulnerability in a web application that's able to authenticate. To learn more see Microsoft's website.